• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort log sending to Splunk

Scheduled Pinned Locked Moved pfSense Packages
2 Posts 1 Posters 4.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nojja
    last edited by Apr 30, 2015, 5:53 PM

    Hello !

    I've just installed splunk on a debian host in my LAN and I just can't find how to, on my pfSense tell snort to send logs, alerts and all the usefull data to the splunk server.

    This debian server is already a nagios and syslog server.

    Any help ?

    (Sorry for my bad english, i'm french)

    1 Reply Last reply Reply Quote 0
    • N
      nojja
      last edited by Apr 30, 2015, 7:24 PM

      Okay , found it !
      If it can help someone :
      The snort logs are included in the firewall logs so if you redirect your logs to a syslog server in >Status>System Logs>settings>remote server splunk will catch them.
      But you have to allow incoming logs from udp port 514 in splunk

      Now the question is .. how to correctly parse snort logs in splunk because the log format seems to have changed recently and I can't find any support on the net

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received